Bugtraq mailing list archives
Re: Security Info (root broken)
From: cklaus () shadow net (Christopher Klaus)
Date: Thu, 29 Sep 94 17:18:25 EDT
On Thu, 29 Sep 1994 07:04:44 -0600 (CDT), Pug <pug () arlut utexas edu> said:

>> This was a new
>> install, and it lasted about 4 days. One person heard thru the cracker
>> grapevine that root was broken thru /bin/mail.

P> Did you happen to install the following, in particular 101436-02?

P> Solaris 1.1.1 Patches Containing Security Fixes:
P> ------------------------------------------------
P> 101436-02 SunOS 4.1.3_U1: bin/mail jumbo patch

This is the patch which made the race condition *easier* to exploit than it was in the unpatched version.

As I remember the race condition, you don't have a problem if you don't allow the 'r' commands into your system. The race condition created a .rhosts file for accounts that had UID 0, but no existing .rhosts file. I can't find my copy of the exploit anymore to be certain. As well, you had to start on the system, so it wasn't that much of an external job anyway. I see allowing 'r' commands into your installation as a Bad Thing anyway.
I agree that removing the .rhosts ability is a good idea, but it would be just as easy for an intruder to use the race condition to overwrite the password file with their own root account unless this particular bug doesn't allow overwriting files. Or they could create a .forward file to gain the root's permissions. I am sure there are other methods to subvert the machine, if allowed to write root owned files.

--
Christopher William Klaus <cklaus () shadow net> <iss () shadow net>
Internet Security Systems, Inc.         Computer Security Consulting
2209 Summit Place Drive,            Penetration Analysis of Networks
Atlanta,GA 30350-2430. (404)518-0099. Fax: (404)518-0030
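A defensive check for the three outcomes named in this message (a .rhosts file for a UID 0 account, an added root account in the password file, a .forward file), as an added example that is not part of the original post. The function names, the `fs_root` parameter and the sample accounts are assumptions made for illustration, and the sample data is constructed.

```python
import os
import tempfile

WATCHED = (".rhosts", ".forward")  # the two files named in the thread

def parse_passwd(text):
    """Yield (name, uid, home) from passwd-format text, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        try:
            yield fields[0], int(fields[2]), fields[5]
        except ValueError:
            continue  # non-numeric UID field

def audit_root_writes(passwd_text, fs_root="/"):
    """Return (kind, account, detail) findings for every UID 0 account:
    entries other than 'root', and .rhosts/.forward files in the home directory."""
    findings = []
    for name, uid, home in parse_passwd(passwd_text):
        if uid != 0:
            continue
        if name != "root":
            findings.append(("extra-uid0", name, ""))
        base = os.path.join(fs_root, home.lstrip("/"))
        for fname in WATCHED:
            path = os.path.join(base, fname)
            if os.path.lexists(path):  # lstat: report symlinks too, do not follow
                st = os.lstat(path)
                detail = f"size={st.st_size} mtime={int(st.st_mtime)}"
                findings.append((fname, name, detail))
    return findings

def demo():
    """Constructed sample: a second UID 0 entry whose home holds a .rhosts file."""
    passwd = ("root:x:0:0:root:/:/bin/sh\n"
              "toor:x:0:0::/home/toor:/bin/sh\n"
              "alice:x:1001:100::/home/alice:/bin/csh\n")
    with tempfile.TemporaryDirectory() as tmp:
        for user in ("toor", "alice"):
            os.makedirs(os.path.join(tmp, "home", user))
            with open(os.path.join(tmp, "home", user, ".rhosts"), "w") as f:
                f.write("host.example\n")
        return [(kind, name) for kind, name, _ in audit_root_writes(passwd, tmp)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Only UID 0 accounts are reported, so the ordinary user's .rhosts in the sample is ignored; the modification time in each finding is there to compare against the install date.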